.\" Copyright 2023, Florent Revest <revest@chromium.org>
.\" Copyright 2024, Alejandro Colomar <alx@kernel.org>
.\"
.\" SPDX-License-Identifier: Linux-man-pages-copyleft
.\"
.TH PR_SET_MDWE 2const 2024-06-01 "Linux man-pages 6.9.1"
.SH NAME
PR_SET_MDWE
\-
set the Memory-Deny-Write-Execute protection mask for the calling process
.SH LIBRARY
Standard C library
.RI ( libc ", " \-lc )
.SH SYNOPSIS
.nf
.BR "#include <linux/prctl.h>" "  /* Definition of " PR_* " constants */"
.B #include <sys/prctl.h>
.P
.BI "int prctl(PR_SET_MDWE, unsigned long " mask ", 0L, 0L, 0L);"
.fi
.SH DESCRIPTION
Set the calling process' Memory-Deny-Write-Execute protection mask.
Once protection bits are set,
they can not be changed.
.P
.I mask
must be a bit mask of:
.TP
.B PR_MDWE_REFUSE_EXEC_GAIN
New memory mapping protections can't be writable and executable.
Non-executable mappings can't become executable.
.TP
.B PR_MDWE_NO_INHERIT " (since Linux 6.6)"
.\" commit 2a87e5520554034e8c423479740f95bea4a086a0
Do not propagate MDWE protection to child processes on
.BR fork (2).
Setting this bit requires setting
.B PR_MDWE_REFUSE_EXEC_GAIN
too.
.SH RETURN VALUE
On success,
0 is returned.
On error, \-1 is returned, and
.I errno
is set to indicate the error.
.SH ERRORS
.TP
.B EINVAL
.I mask
is not a valid value.
.SH STANDARDS
Linux.
.SH HISTORY
Linux 6.3.
.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61
.SH SEE ALSO
.BR prctl (2),
.BR PR_GET_MDWE (2const)
